I am experiencing an issue with setting up ADFS 3.0 on Windows Server 2012 R2. The question is mainly about certificates and how I would use them. I'm wondering which certificates to use, etc., to make this work.
Here is my current scenario:
I currently have a live environment set up, where we have a Domain Controller (Windows Server 2008 Enterprise, this is also the Root CA) and an ADFS Server (Windows Server 2012 R2) based in our corporate network.
I've also set up an ADFS proxy server (Windows Server 2012 R2) which is located in our DMZ perimeter network.
We have a new ticketing system that's recently been implemented, where we want users to be able to get to on the cloud. It's currently set to use LDAP logins and that works fine, but our organisation is looking to have SSO enabled for it.
I have read through how to set up relying party trusts and claims rules, but I'm stuck on the initial setup - based on a problem where I'm unsure of what certificates to use/issue.
(The design diagram provided is the current setup).
I've created the "ADFS SSL Certificate" template on my Domain Controller to use for ADFS (I've achieved this by using online videos from IT professionals for the ADFS SSL Certificate, for example https://www.youtube.com/watch?t=398&v=y3sPX6T9W28). Bearing in mind, I only used the video to learn how to duplicate a web server template and create an ADFS SSL Certificate, nothing else.
Our ADFS server can enroll for a certificate and it completes the setup fine. I can then verify that ADFS is working by navigating to the SSO page created for ADFS: https://adfs.organisation.local/adfs/ls/IdpInitiatedSignon.aspx. Unfortunately, this isn't what I want to achieve, as this is only for a (.local) address.
I'm unsure how to approach the scenario so that I can make the ADFS service available outside the organisation, because of the (adfs.organisation.local) predicament.
NOTE: We do have a wildcard certificate for our organisation that sits on a Load Balancer outside the DMZ; let's say it's called "*.organisation.net", but I am not sure how to use this to get the ADFS setup working outside of my organisation.
I am familiar with DNS now and I have average knowledge of certificates, but not enough knowledge for all of this to fulfill the project.
Has anyone done this before in a live environment? Is anyone able to help with my issue and provide knowledge on the subject?
All help is appreciated!
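The two things an ADFS 3.0 farm needs to line up before it can be published externally are the federation service name (fixed when the farm is created) and the certificate bound to the HTTPS listener, which must cover that name. The following PowerShell is an added example, not part of the question above and not Microsoft's own guidance; it assumes it is run on the ADFS server with the ADFS module loaded, and it uses `adfs.organisation.net` as a hypothetical public name chosen to fit the `*.organisation.net` wildcard mentioned in the post. It reports the current service name and SSL binding, searches the machine store for a certificate (with private key) that covers the public name, and warns about the two mismatches that typically produce "works on .local, fails from outside".

```powershell
# Added example (not from the original post). Assumes: run on the ADFS 3.0 server,
# ADFS PowerShell module available, and adfs.organisation.net is the hypothetical
# public federation service name that matches the *.organisation.net wildcard.
$FederationServiceName = 'adfs.organisation.net'   # assumed public FQDN

# What the farm currently thinks it is, and what the HTTPS listener is bound to.
# ADFS 3.0 serves HTTPS via HTTP.SYS, not IIS, so the binding lives in ADFS config.
$props = Get-AdfsProperties
$binding = Get-AdfsSslCertificate |
    Where-Object { $_.HostName -eq $props.HostName } |
    Select-Object -First 1

$props   | Select-Object HostName, Identifier
$binding | Select-Object HostName, PortNumber, CertificateHash

# True if the certificate's CN or any DNS SAN entry covers $Name.
# A wildcard label only matches exactly one label (*.organisation.net covers
# adfs.organisation.net but not sts.adfs.organisation.net).
function Test-CertCoversName {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Name
    )
    $names = @()
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }  # subjectAltName
    if ($san) {
        # Format() yields "DNS Name=host, DNS Name=host2" on an English Windows locale.
        $names += ($san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=')[-1].Trim() })
    }
    foreach ($n in $names) {
        if ($n -eq $Name) { return $true }
        if ($n.StartsWith('*.') -and
            $Name -like "*.$($n.Substring(2))" -and
            $Name.Split('.').Count -eq $n.Split('.').Count) { return $true }
    }
    return $false
}

# Certificates in the machine store that could actually serve the public name.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and (Test-CertCoversName -Cert $_ -Name $FederationServiceName) })
$thumbs = @($candidates | ForEach-Object { $_.Thumbprint })

if ($candidates.Count -eq 0) {
    Write-Warning "No certificate with a private key in LocalMachine\My covers $FederationServiceName."
    Write-Warning "The public certificate (with its private key) must be present on every ADFS server and on the proxy, not only on the load balancer."
} else {
    $candidates | Select-Object Thumbprint, Subject, NotAfter
}

# Mismatch 1: the farm was created for the .local name. The service name cannot be
# renamed in place; a farm intended for external use is built with -FederationServiceName
# set to the public name (Install-AdfsFarm), and internal DNS resolves that name too.
if ($props.HostName -ne $FederationServiceName) {
    Write-Warning "Federation service name is '$($props.HostName)', not '$FederationServiceName'."
}

# Mismatch 2: the HTTPS listener is bound to a certificate that does not cover the public name.
if ($binding -and ($thumbs -notcontains $binding.CertificateHash)) {
    Write-Warning "HTTPS binding uses certificate $($binding.CertificateHash), which does not cover $FederationServiceName."
}
```

Read the output top to bottom: if the service name is already the public one, rebinding is enough (`Set-AdfsSslCertificate -Thumbprint <thumbprint>` on each farm member, then the same certificate on the proxy); if the name is still `adfs.organisation.local`, no certificate change will help and the farm has to be recreated under the public name. Either way the wildcard certificate must be installed on the ADFS and proxy hosts themselves; a certificate that only lives on the load balancer does not satisfy the ADFS binding check above.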